Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 314

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the databse, it's not safe.

First, look! The script is stored in database.

database

Second, if create a function to pull that content form the datase:

public function q_item_extra($q_item)
{
$postidz = $q_item'raw']'postid'];
$extra = qa_db_read_one_value(qa_db_query_sub(
       'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
   ), true);
 
 //$extra = $q_item'extra']'content'];
 
        $this->output('My info:'.$extra);   
   
}

Here's the result:

test

I hope you'll get my point.

Please click Here to read the full story.
 
Other Top and Latest Questions:
OpenAI proposes 5% stake to Trump administration to ease Washington pressure: Report
Led by Buc-ee’s and new rival Dolly Parton, America’s gas station chains are in a mega-sizing era
Most prediction market contracts have low volume, leaving users exposed to volatility and bots
Buying the American Dream: The best tools, strategies and hacks for first-time house hunters
Apple plans five new iPhones through 2027, eyes Chinese-made chips amid foldable push, reports say
Stock market gains minted nearly 1 million new millionaires in 2025, new UBS report says
Google loses fight over record $4.7 billion EU antitrust fine
Anthologies of short stories with the same title?
These are the top stock picks from UBS analysts heading into the third quarter
X-Men '97: Days of Past Future